Return a sequence of header tuples (e.g. [('Set-Cookie','foo=abc')]) suitable for 'forgetting' the set of credentials
possessed by the currently authenticated user. A common usage
might look like so within the body of a view function
(response is assumed to be an WebOb -style
response object computed previously by the view code):

Returns a sequence of header tuples (e.g. [('Set-Cookie','foo=abc')])
on this request's response.
These headers are suitable for 'remembering' a set of credentials
implied by the data passed as userid and *kw using the
current authentication policy. Common usage might look
like so within the body of a view function (response is
assumed to be a WebOb -style response object
computed previously by the view code):

If no authentication policy is in use, this function will
always return an empty sequence. If used, the composition and
meaning of **kw must be agreed upon by the calling code and
the effective authentication policy.

Deprecated since version 1.6: Renamed the principal argument to userid to clarify its
purpose.

Provided a context (a resource object), and a permission
(a string or unicode object), if a authorization policy is
in effect, return a sequence of principal ids that possess
the permission in the context. If no authorization policy is
in effect, this will return a sequence with the single value
pyramid.security.Everyone (the special principal
identifier representing all principals).

Note

even if an authorization policy is in effect,
some (exotic) authorization policies may not implement the
required machinery for this function; those will cause a
NotImplementedError exception to be raised when this
function is invoked.

If the view specified by context and name is protected
by a permission, check the permission associated with the
view using the effective authentication/authorization policies and
the request. Return a boolean result. If no
authorization policy is in effect, or if the view is not
protected by a permission, return True. If no view can view found,
an exception will be raised.

The special principal id named 'Authenticated'. This principal id
is granted to all requests which contain any other non-Everyone
principal id (according to the authentication policy).
Its actual value is the string 'system.Authenticated'.

An object that can be used as the permission member of an ACE
which matches all permissions unconditionally. For example, an
ACE that uses ALL_PERMISSIONS might be composed like so:
('Deny','system.Everyone',ALL_PERMISSIONS).

A convenience shorthand ACE that defines ('Deny','system.Everyone',ALL_PERMISSIONS). This is often used as the
last ACE in an ACL in systems that use an "inheriting" security
policy, representing the concept "don't inherit any other ACEs".

A special permission which indicates that the view should always
be executable by entirely anonymous users, regardless of the
default permission, bypassing any authorization policy
that may be in effect. Its actual value is the string
'__no_permission_required__'.

An instance of ACLDenied represents that a security check made
explicitly against ACL was denied. It evaluates equal to all boolean
false types. It also has the following attributes: acl, ace,
permission, principals, and context. These attributes
indicate the security values involved in the request. Its __str__ method
prints a summary of these attributes for debugging purposes. The same
summary is available as the msg attribute.

An instance of ACLAllowed represents that a security check made
explicitly against ACL was allowed. It evaluates equal to all boolean
true types. It also has the following attributes: acl, ace,
permission, principals, and context. These attributes
indicate the security values involved in the request. Its __str__ method
prints a summary of these attributes for debugging purposes. The same
summary is available as the msg attribute.

An instance of Denied is returned when a security-related
API or other Pyramid code denies an action unrelated to
an ACL check. It evaluates equal to all boolean false types. It
has an attribute named msg describing the circumstances for
the deny.

An instance of Allowed is returned when a security-related
API or other Pyramid code allows an action unrelated to
an ACL check. It evaluates equal to all boolean true types. It
has an attribute named msg describing the circumstances for
the allow.